eModeration is using OneLogin to protect the security of client details.

However, if the Wizard tool doesn't work, eModeration employees can still build and on-board the application themselves.

"The next step, if this doesn't work, is to build the application yourself. It's easier for someone with a bit of technical background at this point, as it would require you to read the source code of the page. However, if you have a bit of HTML knowledge, that would be enough for you to build an application from scratch," he added.

"Finally, if it was an extremely complex login page, that required Java script for example, we would ask OneLogin to build it for us, which they typically do within a couple of days without any extra charge."

eModeration was able to implement OneLogin in just one week for over 100 employees. It now has almost 500 employees using the tool, 300 of which needed to be added in two weeks when it won a big client that required extra staff to be taken on.

Elson said that there has only been a handful of examples where OneLogin has not been able to build an application for access to a client's platform, and this is often due to Flash based websites. He also explained that the company had no qualms about looking to the cloud for a solution, as it has always fully operated from the cloud due to all its employees working from home.

However, Elson does admit that if OneLogin suffered any significant outage, the aftermath for eModeration would be costly.

"It would be a huge issue for us, there's no argument there. But of course we have considered it and have a contingency plan. We would have to hand out passwords to our employees. The problem with this is that it would require a huge clean-up process afterwards," he said.

"It is important to me that a single moderator does not have direct access to a client tool. We are representing a corporate client and I don't want employees to be able to log into a page without going through OneLogin and leaving an audit trail."

"So if we did have to give them direct access, as soon as possible we would refresh the password. It would cost us a lot in effort mopping up after an event like that."